Security Affairs
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
ZLoader Malware adds Zeus's anti-analysis feature
Zloader continues to evolve, its authors added an anti-analysis feature that was originally present in the Zeus banking trojan.
The Hacker News
ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan
ZLoader modular malware trojan has resurfaced with anti-analysis feature that prevents execution on machines different from the original infection.
Security Affairs
TA547 targets German organizations with Rhadamanthys malware
TA547 group is targeting dozens of German organizations with an information stealer called Rhadamanthys, Proofpoint warns.
The Hacker News
TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer
TA547 hacker group adopts new tactics, possibly harnessing the power of generative AI, to deploy the Rhadamanthys info stealer in attacks on German or
DarkReading
TA547 Uses an LLM-Generated Dropper to Infect German Orgs
It's finally happening: Rather than just for productivity and research, threat actors are using LLMs to write malware. But companies need not worry just yet.
Bleeping Computer
Malicious PowerShell script pushing malware looks AI-written
A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI's ChatGPT, Google's Gemini, or Microsoft's CoPilot.
The Hacker News
Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses
Bumblebee, QakBot, Zloader, & PikaBot are back, sneakier than ever. Don't trust those shady emails or downloads.
HACKRead
Mispadu Stealer's New Variant Targets Browser Data of Mexican Users
Mispadu Stealer targeted Spanish- and Portuguese-speaking victims, but the new variant aims at URLs associated with Mexican citizens.
The Hacker News
New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility
ZLoader malware resurfaces after 2 years, targeting Windows systems with ransomware.
Cyber Security News
Re-vamped Zloader Attacking Windows Users With New RSA Encryption
Zloader, also known as Terdot, DELoader, or Silent Night, is a modular trojan that reappeared after nearly two years of absence.
The Hacker News
Cryptocurrency Companies Targeted in Sophisticated 3CX Supply Chain Attack
A supply chain breach at 3CX has been linked to the North Korean-associated backdoor, Gopuram. The Lazarus Group is believed to be behind the attack.
Bleeping Computer
Cryptocurrency companies backdoored in 3CX supply chain attack
Some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware, with the threat actors specifically targeting cryptocurrency companies with this additional malicious payload.
Bleeping Computer
10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack
A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "opt-in" after all these years. Even worse, the fix is removed after upgrading to Windows 11.
The Hacker News
Researchers Share New Insights Into RIG Exploit Kit Malware's Operations
Researchers have uncovered crucial insights into the inner workings of RIG Exploit Kit and its administrators.
Bleeping Computer
RIG Exploit Kit still infects enterprise users via Internet Explorer
The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service's long operational history.
The Record
War brought big spikes in cyberattacks on Ukraine, NATO allies, Google says
Google's Threat Analysis Group reports that cyberattacks on Ukraine and its supporters increased aggressively as Russia waged war.
The Hacker News
New Research Delves into the World of Malicious LNK Files and Hackers Behind Them
New study by cybersecurity experts shows potential to identify relationships among threat actors by analyzing metadata of malicious LNK files.
Trend Micro
Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks
We discuss the Batloader malware campaigns we observed in the last quarter of 2022, including our analysis of Water Minyades-related events (This is the intrusion set we track behind the creation of Batloader).
Security Affairs
DEV-0569 group uses Google Ads to distribute Royal Ransomware
Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware. Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The DEV-0569 group carries out […]
DarkReading
Australia's Hack-Back Plan Against Cyberattackers Raises Familiar Concerns
How far can its government — or any government or private company — go to proactively disrupt cyber threats without causing collateral damage?
DarkReading
Researchers Sound Alarm on Dangerous BatLoader Malware Dropper
BatLoader has spread rapidly to roost in systems globally, tailoring payloads to its victims.
Bleeping Computer
Microsoft disrupts Bohrium hackers’ spear-phishing operation
The Microsoft Digital Crimes Unit (DCU) has disrupted a spear-phishing operation linked to an Iranian threat actor tracked as Bohrium that targeted customers in the U.S., Middle East, and India.
The Hacker News
New Hacking Campaign Targeting Ukrainian Government with IcedID Malware
Ukraine government has warned of a new wave of hacking campaigns that spread IcedID malware and exploit Zimbra exploits to steal sensitive information
Security Affairs
Security Affairs newsletter Round 361 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. U.S. Gov believes North Korea-linked Lazarus APT is behind Ronin Validator cyber heist The […]
ZDNet
Microsoft: We've just disrupted this ransomware-spreading botnet | ZDNet
Microsoft takes control of ZLoader's botnet infrastructure, which is used to spread malware and ransomware.
Infosecurity News
Microsoft and Partners Disrupt ZLoader Botnet
Tech giant takes control of 65 C&C domains
DarkReading
Microsoft Leads Operation to Disrupt Zloader Botnet
The banking Trojan-turned-ransomware-distribution tool has been a potent threat since late 2019.
CyberSecurity Dive
Microsoft intercepts Zloader botnet, a distributor for Ryuk ransomware
Ryuk was behind major attacks on healthcare, while the botnet focused on credentials and financial theft.
The Hacker News
Microsoft and Other Major Software Firms Release February 2022 Patch Updates
Microsoft, Adobe, Android, Mozilla, Intel, SAP, Citrix, and other major software firms release February 2022 Patch Tuesday Security Updates.
Bleeping Computer
Microsoft disables Excel 4.0 macros by default to block malware
Microsoft has announced that Excel 4.0 (XLM) macros will now be disabled by default to protect customers from malicious documents.
ZDNet
Microsoft January 2022 Patch Tuesday: Six zero-days, over 90 vulnerabilities fixed | ZDNet
This month's round of security fixes includes patches for publicly-known remote code execution bugs.
ZDNet
Abcbot botnet has now been linked to Xanthe cryptojacking group | ZDNet
Researchers believe the focus is moving from cryptocurrency to traditional botnet attacks.
Trend Micro
This Week in Security News - January 7, 2022
This week, read about Log4j vulnerabilities in connected cars and charging stations and how iOS malware can fake iPhone shutdowns to snoop on cameras and microphones.
ThreatPost
‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.
Bleeping Computer
Microsoft code-sign check bypassed to drop Zloader malware
A new Zloader campaign exploits Microsoft's e-signature code verification to steal user credentials from over two thousand victims in 111 countries.
ZDNet
Malsmoke hackers abuse Microsoft signature verification in ZLoader cyberattacks | ZDNet
Malware exploits the system to steal credentials and other data.
Bleeping Computer
Microsoft is disabling Excel 4.0 macros by default to protect users
Microsoft will soon begin disabling Excel 4.0 XLM macros by default in Microsoft 365 tenants to protect customers from malicious documents.
Bleeping Computer
New Zloader attacks disable Windows Defender to evade detection
An ongoing Zloader campaign uses a new infection chain to disable Microsoft Defender Antivirus (formerly Windows Defender) on victims' computers to evade detection.
The DFIR Report
Cobalt Strike, a Defender's Guide
As you have noticed from our reporting so far, Cobalt Strike is used as a post-exploitation tool with various malware droppers responsible for the initial infection stage. Some of the most common droppers we see are IcedID (a.k.a. BokBot), ZLoader, Qbot (a.k.a. QakBot), Ursnif, Hancitor, Bazar and TrickBot.
Bleeping Computer
Attackers deliver legal threats, IcedID malware via contact forms
Threat actors are using legitimate corporate contact forms to send phishing emails that threaten enterprise targets with lawsuits and attempt to infect them with the IcedID info-stealing malware.